We have 3 nodes in the primary site and LDAP refresh is working on only one of them. Please look into this issue and let us know if that is expected behavior.
Release: 3.4.x, 4.0.x and 4.1
Component: PRIVILEGED ACCESS MANAGEMENT
The LDAP refresh runs only on the replication leader of the site; this is by design, so seeing it on a single node is the expected behavior.
This can be verified by reviewing the session logs.
On the replication leader of the primary site, the session log will contain an entry with the code "PAM-LDAP-0009".
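The check above, as an added example that is not from the original article: scan one session log per node for the "PAM-LDAP-0009" marker and confirm that exactly one node (the replication leader) logs the refresh. The log file locations, node names and log line layout are assumptions; the sample logs are constructed here for the demonstration.

```shell
#!/bin/sh
# Added example, not product code. Assumes one session log file per node,
# named <node>.log; the real path of the session logs is an assumption to
# be replaced with the actual location on each node.

MARKER="PAM-LDAP-0009"

# Print the node names (derived from the file name) whose session log
# contains the LDAP refresh marker. Usage: nodes_with_ldap_refresh file...
nodes_with_ldap_refresh() {
    for f in "$@"; do
        if grep -q "$MARKER" "$f"; then
            basename "$f" .log
        fi
    done
}

# Exit status 0 when exactly one node logs the refresh (the replication
# leader, as designed), 1 when no node does (the refresh is not running
# anywhere), 2 when several nodes do (not what the design describes).
check_ldap_refresh_leader() {
    n=$(nodes_with_ldap_refresh "$@" | wc -l | tr -d ' ')
    if [ "$n" -eq 1 ]; then return 0; fi
    if [ "$n" -eq 0 ]; then return 1; fi
    return 2
}

# Constructed sample session logs for a three-node primary site, where
# node2 is the replication leader. Left in place so the report below and
# any caller can read them; the directory is a throwaway temp dir.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '2024-01-01 02:00:00 INFO session established for user svc-sync' \
    > "$SAMPLE_DIR/node1.log"
printf '%s\n' '2024-01-01 02:00:00 INFO session established for user svc-sync' \
    "2024-01-01 02:00:01 INFO $MARKER LDAP refresh started on replication leader" \
    > "$SAMPLE_DIR/node2.log"
printf '%s\n' '2024-01-01 02:00:00 INFO session established for user svc-sync' \
    > "$SAMPLE_DIR/node3.log"

# Report for the constructed site: expected outcome is a single leader.
if check_ldap_refresh_leader "$SAMPLE_DIR"/node*.log; then
    echo "OK: $MARKER logged only by $(nodes_with_ldap_refresh "$SAMPLE_DIR"/node*.log)"
else
    echo "UNEXPECTED: zero or several nodes log $MARKER; raise a support case"
fi
```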